Skip to content
Snippets Groups Projects
Unverified Commit e3764bdb authored by Eugen Rochko's avatar Eugen Rochko Committed by GitHub
Browse files

Do not sign useless User-Agent or Accept-Encoding headers (#8533)

Fix #8080
parent 18eb5657
No related branches found
No related tags found
No related merge requests found
......@@ -73,15 +73,15 @@ class Request
algorithm = 'rsa-sha256'
signature = Base64.strict_encode64(@keypair.sign(OpenSSL::Digest::SHA256.new, signed_string))
"keyId=\"#{key_id}\",algorithm=\"#{algorithm}\",headers=\"#{signed_headers}\",signature=\"#{signature}\""
"keyId=\"#{key_id}\",algorithm=\"#{algorithm}\",headers=\"#{signed_headers.keys.join(' ').downcase}\",signature=\"#{signature}\""
end
def signed_string
@headers.map { |key, value| "#{key.downcase}: #{value}" }.join("\n")
signed_headers.map { |key, value| "#{key.downcase}: #{value}" }.join("\n")
end
def signed_headers
@headers.keys.join(' ').downcase
@headers.without('User-Agent', 'Accept-Encoding')
end
def key_id
......
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment